Russian hacking highlights need for greater mobile device security

Details are continuing to surface on a Russian campaign to exploit the vulnerability of smartphones belonging to NATO soldiers. This incident comes as no surprise. Mobile devices are typically the most vulnerable computing devices, are easily exploited and have unique characteristics that desktops and servers do not. They also present unique opportunities for hackers that other types of computing devices do not. For example, they are incredibly easy to compromise outside the corporate network. All the time in our data feeds we see phones being attacked when they are out in the wild.

Most organizations have no form of mobile device detection or monitoring to warn them that they have been compromised. This makes the target that much easier for the hacker to compromise. Hackers work on the basis of absolute anonymity. In fact, they are much more likely to abandon an attack than to reveal their identity. It is incredibly important for us to understand that they are not going to let us know that they’re performing a nefarious action on a device. They continue to do it in stealth until they succeed.

Mobile devices reveal their location and aggressively connect to cell towers and Wi-Fi connections that may be malicious. This built-in phone feature is abused by hackers to get your device to connect to their network. In the case of this incident, Russia allegedly put telecom equipment on drones and flew them near NATO servicemen. But don’t be distracted. While those James Bond-esque techniques are exciting, the more important parts of the attack include off-the-shelf, easily purchased rogue access points, proving again how simple mobile attacks are to conduct.

For most of us, the hacker would now know who we are, who our contacts are and who is in proximity to us, and could do things like listen in on our conversations, steal contacts and emails, take pictures, decrypt network traffic, and make transactions using our phone.

This scenario is much like a banking Trojan where malware attacks an app on the phone and makes transactions using the compromised phone. When you apply this capability to a mobile device with sensitive NATO data and apps, you can see the damage potential that exists when phones are out, exposed, and being silently compromised.

Both the assets on the phone and access on the phone are prime hacker targets. This is extremely dangerous. A few examples of actions hackers commonly take:

Weaponizing the phone, not only by compromising the phone and the apps on it and turning it into a surveillance tool, but also by corrupting systems on the backend.

Installing a RAT (remote access tool). A hacker can compromise a mobile device and install a RAT while it’s out in the wild. Then the unsuspecting phone owner walks it right into, for example, a NATO office. It is now a weapon designed to carry out activities on behalf of the hacker. And no one knows because, unlike physical security measures, phones have no sensor or wand to ID them as a weapon.

Hackers can’t get physical proximity to servers, but they can access them via a mobile device. For instance, the victim thinks he/she is simply surfing CNN.com on their phone. All the while, the attacker has hacked their phone, has privileges on it, has disabled the phone’s security and is delivering a device-level exploit.

To put the problem in perspective, anecdotally, we have heard that there are approximately 200,000 cyber warfare soldiers in China alone — with cybercriminals globally setting their sights on targets that certainly include mobile devices. Given the reality that mobile devices are the most vulnerable computing devices, clearly, this is an issue that requires attention.

John Michelsen is the CPO at Zimperium, a company dedicated to mobile device security.